[Solved] Nextcloud 24 The “Strict-Transport-Security” HTTP header is not set to at least “15552000”

Iv been going cracy trying to resolve this issue, tried everything i have found on the internet set it to 15752000, invert the order on which the is set, add ; preloadat the end of Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains", but nothing works, the same msg still shows up on my nextcloud, has anyone been able to fix this?

this is my ssl apache config looks like on the section im suppose to put that, im using ubuntu server 20.04, php 8.1 and apache2:

        DocumentRoot /var/www/nextcloud

        <IfModule mod_headers.C>
                Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"

        <Directory /var/www/nextcloud/>
                AllowOverride All

I did this a long time ago but I believe that I got rid of the message by using a value greater than 15752000

<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    Header set Referrer-Policy "no-referrer"

and I cannot recall why I used 15768000, probably something I found on this forum or the Internet…

i was so exited to try ur solution to see if it was finally gonna solve my issue, it did, it solved it, but not by putting the entire thing u wrote, but i notice ur <IfModule mod_headers.c> was using a non capital C at the end, i did that i replaced my capital C for a regular c and voalah! problem solved, didnt even change the max age number, left everything untouched lol… cant belive i spent so much time looking for a solution and it was just a stupid letter -.-, anyways tyvm for ur tip :slight_smile:

1 Like

Glad to help … even if it was by accident!! :slight_smile: